How to verify a checksum in Linux


4 January, 2021

tl;dr, where the following command should echo the checksum if it is correct:
<checksum function> filename.ext | grep <checksum string>
For example,
sha256sum file.txt | grep 3b884f7a5ea2c482451123beaaa0def0427f900371467488babe7ccdfcb66b4a

This post is simply a short note describing one method of verifying checksums in Linux.

The method

All that we do is calculate the checksum for the file in question, and then pipe the output to grep and paste the result that we're expecting.

For example, let's say we've just downloaded a file called cheese.txt that only contains the string cheese. We know that the SHA256 sum for this file is 3b884f7a5ea2c482451123beaaa0def0427f900371467488babe7ccdfcb66b4a. Let's recreate this here, by creating the file:

echo cheese > cheese.txt

Now we want to generate the SHA256 sum and compare it against the known checksum that we listed above. To do this, we pass our file to the sha256sum command, and pipe the output to grep, the target of which is our copy/pasted known checksum. For example:

sha256sum cheese.txt | grep 3b884f7a5ea2c482451123beaaa0def0427f900371467488babe7ccdfcb66b4a

If the checksum is returned from the above command (via grep), then we know that the checksums match and everything is okay. If nothing is returned, then the checksums don't match and we might be in trouble. In that case, don't install or trust whatever you just downloaded!

If you need to check against a different checksum algorithm, e.g., MD5, then don't forget to replace sha256sum with the appropriate command.


I actually stumbled upon this particular method in a comment by the user "O" on the It's FOSS website here:


Leave a comment